Risk Management Policy

Policy and Procedure 

1. Hastings International Piano risk management model  

1.1 Hastings International Piano recognises that risk management is essential to its governance and to sustainable operation of its services. Risk management in Hastings International Piano will be designed to ensure:-  

  • the identification, assessment and management of risk is linked to the achievement of the charity's objectives; 

  • all areas of risk are covered - for example, financial, governance, operational and reputational; 

  • a risk exposure profile can be created that reflects the trustees' views as to what levels of risk are acceptable; 

  • the principal results of risk identification, evaluation and management are reviewed and considered; 

  • risk management is ongoing and embedded in management and operational procedures. 

1.2 Hastings International Piano will regularly review and assess the risks it faces in all areas of its work and plans for the management of those risks.  

1.3 There are risks associated with all Hastings International Piano’s activities - they can arise through things that are not done, as well as through ongoing and new initiatives.  Risk exposure for Hastings International Piano will vary depending on circumstance. For example Hastings International Piano may be willing to expose itself to higher risks as the size of our reserves/size of our organisation increases. Risk tolerance may also be a factor in what activities are undertaken to achieve objectives.  Hastings International Piano will therefore ensure that there is an appropriate balance taken between higher and lower risk activities.  

These considerations will inform the trustees in their decision as to the levels of risk they are willing to accept. 

1.4 Trustees need to let staff know the boundaries and limits set by their risk policies to make sure there is a clear understanding of the risks that can and cannot be accepted.  

2. Identifying Our Risks 

2.1 As part of its business planning process, a risk register will be developed. This register is a ‘living document’ and forms the baseline for further risk identification.  Hastings International Piano recognises that new risks will appear and other risks will become less or more severe or may disappear over the lifetime of the plan. Risk identification is therefore an ongoing process within Hastings International Piano. When new risks are identified by a trustee, these will be referred to the Chair who will in consultation with the trustees will update the risk register accordingly. Hastings International Piano will also annually review the risks identified in the Hastings International Piano’s risk register. 

 2.2 In undertaking this, trustees will consider:  

  • Hastings International Piano’s purpose; 

  • the nature and scale of our activities; 

  • the outcomes that need to be achieved; 

  • external factors that might affect Hastings International Piano such as legislation and regulation; 

  • the Hastings International Piano reputation with its major funders and supporters; 

  • past mistakes and problems that Hastings International Piano has faced; 

  • the operating structure - for example if we established a trading arm; 

  • comparison with other charities working in the same area or of similar size; and 

  • examples of risk management prepared by other charities or other organisations. 

2.3 In developing the Hastings International Piano risk register, trustees will identify/update risks in the following areas  

  • governance; 

  • operational risk  

  • finance risk; 

  • environmental and external risk; 

  • law and regulation compliance risk. 

 

3. Assessing , Monitoring and Evaluating risk  

3.1 Identified risks need to be put into perspective in terms of the potential severity of their impact and likelihood of their occurrence. Assessing and categorising risks helps in prioritising and filtering them, and in establishing whether any further action is required.  

3.2   When a new risk arises, the chair in consultation with the trustees will then assess the risks identified by staff and trustees based on how likely they are to occur and how severe their impact using the methodology set out at appendix 1 

3.3 They will identify those risks that are major and propose appropriate actions to mitigate these risks. This will update Hastings International Piano’s risk register and will be approved by the Chair and/or treasurer (if a financial risk).  

3.4 Where a trustee subsequently has a concern about the risk register, s/he should initially seek agreement to amendment via email and if s/he is still not satisfied raise the issue at the next board meeting 

3.5 Examples of possible actions to mitigate risks are set out in appendix 2. 

APPENDIX 1 

Risk Assessment Methodology 

Impact  

Descriptor  

Score  

Impact on service and reputation  

Insignificant  

1  

  • no impact on service 

  • no impact on reputation 

  • complaint unlikely 

  • litigation risk remote 

Minor  

2  

  • slight impact on service 

  • slight impact on reputation 

  • complaint possible 

  • litigation possible 

Moderate  

3  

  • some service disruption 

  • potential for adverse publicity - avoidable with careful handling 

  • complaint probable 

  • litigation probable 

Major  

4  

  • service disrupted e.g. long term sickness 

  • adverse publicity not avoidable (local media) 

  • complaint probable 

  • litigation probable 

  • Sudden loss of funding 

Extreme 

5  

  • service interrupted for significant time 

  • major adverse publicity not avoidable (national media) 

  • major litigation expected 

  • resignation of senior management  

  • resignation of  board 

  • major premises related issue e.g. burglary 

  • loss of beneficiary confidence 

 

 

Likelihood  

Descriptor  

Score  

Example  

Remote  

1  

may only occur in exceptional circumstances  

Unlikely  

2  

expected to occur in a few circumstances  

Possible  

3  

expected to occur in some circumstances  

Probable  

4  

expected to occur in many circumstances  

 

Appendix 2 

Actions that could be taken to mitigate risks 

The following are examples of possible actions:  

  • the risk may need to be avoided by ending that activity  

  • the risk could be transferred to a third party (e.g. use of a trading subsidiary, outsourcing or other contractual arrangements with third parties); 

  • the risk could be shared with others (e.g. a joint venture project); 

  • the charity's exposure to the risk can be limited (e.g. establishment of reserves against loss of income, phased commitment to projects); 

  • the risk can be reduced or eliminated by establishing or improving control procedures (e.g. internal financial controls, controls on recruitment, personnel policies); 

  • the risk may need to be insured against (this often happens for residual risk, e.g. employers liability, third party liability, theft, fire). 

 In assessing the actions to be taken, the costs of management or control should be considered in the context of the potential impact or likely cost that the control seeks to prevent or mitigate. It is possible that the process may identify areas where the current or proposed control processes are disproportionately costly or onerous compared to the risk they are there to manage. A balance will need to be struck between the cost of further action to manage the risk and the potential impact of the residual risk.  

 

We are committed to reviewing our policy and good practice annually. 

This policy was last reviewed on: ………1st July 2024 (date) 

 

By: ………Ian Brignall – General Manager